1894567 – (CVE-2020-25692) CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd

Bug 1894567 (CVE-2020-25692) - CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet in slapd

Summary: CVE-2020-25692 openldap: NULL pointer dereference for unauthenticated packet ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-25692
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1895288 1895328
Blocks:	1894568
TreeView+	depends on / blocked

Reported:	2020-11-04 14:09 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-04-27 16:46 UTC (History)
CC List:	46 users (show)
Fixed In Version:	openldap 2.4.55
Doc Type:	If docs needed, set a value
Doc Text:	A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:	2021-04-27 16:46:34 UTC
Flags:	spichugi: needinfo-

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Guilherme de Almeida Suckevicz 2020-11-04 14:09:18 UTC

OpenLDAP slapd crashes on what seems to be a null-ptr-dereference after receiving a malicious TCP packet.

Reference:
https://bugs.openldap.org/show_bug.cgi?id=9370

Comment 1 Cedric Buissart 2020-11-06 08:47:35 UTC

Created openldap tracking bugs for this issue:

Affects: fedora-all [bug 1895288]

Comment 3 Cedric Buissart 2020-11-10 08:55:12 UTC

Upstream fixes:
Main branch :
https://git.openldap.org/openldap/openldap/-/commit/6abfd60078af02d56edb3b6897692cdd09a08971
https://git.openldap.org/openldap/openldap/-/commit/a08a2db4063f54a6217a0f091aebd02f8bdb482e

2.4 branch :
https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d

Comment 6 RaTasha Tillery-Smith 2020-12-08 15:55:26 UTC

Statement:

This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.

Comment 10 errata-xmlrpc 2021-04-27 11:33:12 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:1389 https://access.redhat.com/errata/RHSA-2021:1389

Comment 11 Product Security DevOps Team 2021-04-27 16:46:34 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-25692

Note You need to log in before you can comment on or make changes to this bug.

aboyko
apeddire
asoldano
atangrin
bbaranow
bmaxwell
brian.stansberry
cbuissar
cdewolf
chazlett
csutherl
darran.lofthouse
dkreling
dosoudil
eleandro
gzaronik
iweiss
jawilson
jclere
jochrist
jperkins
jwon
krathod
kwills
lgao
matushonek
mbabacek
mharmsen
msalle
msochure
msvehla
mturk
myarboro
nwallace
pjindal
pmackay
rguimara
rmeggins
rstancel
rsvoboda
scorneli
smaestri
spichugi
tom.jenkinson
vashirov
weli